The difference between #{} and ${}

Example:
The #{} case:

select name from student where age=#{studentAge};

Parameter: studentAge=18
After compilation:

select name from student where age=?;

The ${} case:

select name from student where age=${studentAge};

Parameter: studentAge=18
After compilation:

select name from student where age=18;

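Explanation:
As the examples above show:
1. ${} splices the parameter value directly into the SQL statement during compilation, which is what exposes it to SQL injection; #{} does not. For example, order by ${111} becomes order by 111 after compilation, and order by ${id} becomes order by id.
2. #{} treats the passed value as a string and automatically wraps the passed data in double quotes. For example, order by #{111} becomes order by "111" after compilation, and order by #{id} becomes order by "id".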
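
The two behaviours above, as an added example that is not part of the original article. It assumes Python's sqlite3 as a stand-in for MyBatis and JDBC; `render`, `query`, `safe_order_by`, `demo_db`, the `SORTABLE` allow-list and the sample rows are hypothetical names and constructed data.

```python
import re
import sqlite3

PLACEHOLDER = re.compile(r"([#$])\{(\w+)\}")
SORTABLE = {"name", "age"}  # assumed allow-list of columns a caller may sort by


def render(template, params):
    """Emulate the two styles: #{x} -> '?' plus a bound value, ${x} -> raw text."""
    bound = []

    def repl(match):
        kind, key = match.groups()
        if kind == "#":
            bound.append(params[key])   # value travels separately from the SQL text
            return "?"
        return str(params[key])         # value becomes part of the SQL text itself

    return PLACEHOLDER.sub(repl, template), bound


def query(conn, template, params):
    sql, bound = render(template, params)
    return [row[0] for row in conn.execute(sql, bound)]


def safe_order_by(column):
    """ORDER BY needs an identifier, so ${} is unavoidable there: validate first."""
    if column not in SORTABLE:
        raise ValueError(f"unsupported sort column: {column!r}")
    return column


def demo_db():
    conn = sqlite3.connect(":memory:")  # constructed sample data
    conn.execute("create table student (name text, age integer)")
    conn.executemany("insert into student values (?, ?)",
                     [("Ann", 18), ("Bo", 20), ("Cy", 18)])
    return conn


if __name__ == "__main__":
    db = demo_db()
    by_age = "select name from student where age={}{{studentAge}} order by name"
    for style in "#$":
        for value in (18, "18 or 1=1"):
            print(style, repr(value), query(db, by_age.format(style), {"studentAge": value}))
    print(query(db, "select name from student order by ${col} desc, name",
                {"col": safe_order_by("age")}))
```

With the value `"18 or 1=1"`, the #{} form matches no rows because the whole string is compared as data, while the ${} form returns every student because the text is parsed as part of the WHERE clause.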
